Google shutting down an active counterterrorism operation (2020)

From International cyber law: interactive toolkit
Date: The first attacks were discovered in February 2020; the second wave of attacks is dated October 2020.[1]
Suspected actor: Western government operatives[2]
Target: Devices running iOS, Android and Windows.[1][3]
Target systems: Although the Project Zero team did not disclose who was being targeted,[2] it can be concluded that the systems were generally targeted through browsers: Safari, Chrome and Samsung Browser.[1]
Method: The “threat actor” lured browser users to a never-before-seen “watering hole” website that attempted to infect some devices using a mixture of three zero-day and other “n-day” (already publicly known) vulnerabilities.[3] The website pointed to two exploit servers that hosted exploit chains for Android, Windows and iOS devices.[1]
Purpose: According to the findings of the MIT Technology Review, the attacks were part of a counter-terrorism operation.[2]
Result: After nine months of the hacking operation, Google’s security teams exposed it. Moreover, since the “expert” hacking group exploited 11 powerful vulnerabilities, Project Zero considers this operation a big success.[1] On the other hand, when MIT revealed that the “expert” hacking group were actually Western government operatives actively conducting a counterterrorism operation, it raised the question whether the disclosure of such an operation was appropriate.[4]
Aftermath: The main issue with the operation was the speed and level of expertise of the attacks. Moreover, the fact that so many vulnerabilities were discovered so quickly remains troublesome, as other skilled hackers might have found and exploited them. According to BGR, “the silver lining of these revelations is that Western spies were targeting specific groups of people, which means most Android, iPhone, and Windows users shouldn’t be impacted.”[5]
Analysed in: Scenario 07: Leak of State-developed hacking tools

Scenario 11: Sale of surveillance tools in defiance of international sanctions

Collected by: Anna Blechová